# .htpasswd Protection

To password protect a directory served by Apache, you need a .htaccess file in the directory you want to protect and a .htpasswd file that can be anywhere on your system that the Apache user can access (but put it somewhere sensible and private). You most likely do not want to put .htpasswd in the same folder as .htaccess.

The .htaccess file may already exist. If not, create it. Then insert:

```text
AuthType Basic
AuthName "Your authorization required message."
AuthUserFile /path/to/.htpasswd
require valid-user
```

Then create a .htpasswd file using whatever username and password you want. The password should be encrypted. If you are on a Linux server, you can use the htpasswd command which will encrypt the password for you. Here is how that command can be used for this:

`htpasswd -b /path/to/password/file username password`


Here is a Virtual Host example. This is useful for covering a collection of sites or more explicit control.
It is mostly the same but must be in a Location directive.

```
<VirtualHost ...>
    ...
    <Location / >
        AuthType Basic
        AuthName "What is the password?"
        AuthUserFile /path/to/htpasswd
        require valid-user
    </Location>
```